Skip to content

Commit 08eabac

Browse files
zylazyla
committed
Async private key generation
1 parent f6701de commit 08eabac

File tree

2 files changed

+24
-5
lines changed

2 files changed

+24
-5
lines changed

lib/resty/acme/autossl.lua

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -204,13 +204,18 @@ local function update_cert_handler(data)
204204

205205
if not pkey then
206206
local t = ngx.now()
207+
local err
207208
if typ == 'rsa' then
208-
pkey = util.create_pkey(4096, 'RSA')
209+
pkey, err = util.create_pkey(4096, 'RSA')
209210
elseif typ == 'ecc' then
210-
pkey = util.create_pkey(nil, 'EC', 'prime256v1')
211+
pkey, err = util.create_pkey(nil, 'EC', 'prime256v1')
211212
else
212213
return "unknown key type: " .. typ
213214
end
215+
if not pkey then
216+
log(ngx_ERR, "error creating new ", typ, " private key for ", domain, ": ", err)
217+
return err
218+
end
214219
ngx.update_time()
215220
log(ngx_INFO, ngx.now() - t, "s spent in creating new ", typ, " private key")
216221
end
@@ -456,7 +461,11 @@ function AUTOSSL.init(autossl_config, acme_config)
456461
else
457462
-- We always generate a key here incase there isn't already one in storage
458463
-- that way a consistent one can be shared across all workers
459-
AUTOSSL.generated_account_key = AUTOSSL.create_account_key()
464+
local key, err = AUTOSSL.create_account_key()
465+
if not key then
466+
error("failed to create account key: " .. err)
467+
end
468+
AUTOSSL.generated_account_key = key
460469
end
461470

462471
if autossl_config.staging then
@@ -676,10 +685,10 @@ end
676685

677686
function AUTOSSL.create_account_key()
678687
local t = ngx.now()
679-
local pkey = util.create_pkey(4096, 'RSA')
688+
local pkey, err = util.create_pkey(4096, 'RSA')
680689
ngx.update_time()
681690
log(ngx_INFO, ngx.now() - t, "s spent in creating new account key")
682-
return pkey
691+
return pkey, err
683692
end
684693

685694
function AUTOSSL.load_account_key_storage()

lib/resty/acme/util.lua

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -90,6 +90,15 @@ local function create_csr(domain_pkey, ...)
9090
end
9191

9292
local function create_pkey(bits, typ, curve)
93+
local ok, result_or_err = ngx.run_worker_thread('create_pkey', 'resty.acme.util', 'create_pkey_sync', bits, type)
94+
if not ok then
95+
ngx_log(ngx_ERR, "create_pkey: failed to run worker thread: ", result_or_err)
96+
return nil, result_or_err
97+
end
98+
return result_or_err
99+
end
100+
101+
local function create_pkey_sync(bits, typ, curve)
93102
bits = bits or 4096
94103
typ = typ or 'RSA'
95104
local pkey = openssl.pkey.new({
@@ -179,6 +188,7 @@ return {
179188
thumbprint = thumbprint,
180189
create_csr = create_csr,
181190
create_pkey = create_pkey,
191+
create_pkey_sync = create_pkey_sync,
182192
check_chain_root_issuer = check_chain_root_issuer,
183193
log = log,
184194
}

0 commit comments

Comments
 (0)